rorix
Sign In

Privacy Policy

Last updated: March 22, 2026

1. Introduction

Authaz ("we", "us", "our") operates Rorix, a supply chain security platform for .NET ecosystems. This Privacy Policy explains how we collect, use, and protect your information when you use our Service.

2. Information We Collect

Account Information

When you sign in via GitHub OAuth, we receive your name, email address, and profile image. This information is used to create and manage your Rorix account.

Project and Scan Data

To provide our scanning services, we process the following data from your repositories:

  • Package manifests (.csproj, packages.config, .sln files)
  • Package names and versions
  • Scan results and vulnerability reports
  • Generated Software Bills of Materials (SBOMs)
  • Dockerfiles for container scanning

We do NOT access or store your source code.

Usage Data

We collect information about how you use the Service, including pages visited, features used, scan frequency, and API usage patterns.

3. How We Use Your Information

  • Provide vulnerability scanning and dependency analysis
  • Generate SBOMs and compliance reports
  • Send security notifications when new vulnerabilities are discovered
  • Send periodic digest emails about your project health
  • Enforce plan limits and usage quotas
  • Improve and optimize the Service

4. Third-Party Services

We use the following third-party services to operate Rorix:

  • GitHub — OAuth authentication and repository access
  • Vercel — application hosting and infrastructure
  • Resend — transactional and notification emails
  • NuGet / GitHub Advisory Database — vulnerability data sources

5. Data Retention

Your data is retained for as long as your account is active. Upon account deletion, all personal data and project data will be permanently deleted within 30 days. Some anonymized, aggregated data may be retained for analytical purposes.

6. Data Security

We implement industry-standard security measures to protect your data, including TLS encryption for all data in transit, hashed API keys, and secure credential storage. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

7. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and data
  • Export your scan data and reports
  • Opt out of non-essential email communications

To exercise any of these rights, contact us at legal@authaz.io.

8. Cookies

We use essential cookies for authentication and session management, as well as a theme preference cookie. We do not use third-party tracking cookies or analytics cookies.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes via email or through the Service. Your continued use of the Service after such changes constitutes acceptance of the updated policy.

10. Contact

If you have any questions about this Privacy Policy, please contact us at legal@authaz.io.